﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

using System.Data;
using System.Data.Sql;
using System.Data.SqlClient;
using System.Web.Configuration;

using AMV.VO;
using System.Web.Security;

namespace AMV.WEB.Admin
{
    public partial class Login : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {

        }

        protected void btnLogin_Click(object sender, EventArgs e)
        {
            if (!IsValid) return;

            string loginName = txtLoginName.Text.Trim();
            string password = txtPassword.Text.Trim();

            Response.Write(FormsAuthentication.HashPasswordForStoringInConfigFile(password, "md5"));
            Response.Write("<br>");

            try
            {
                AMV.VO.Admin admin = GetAdminByLoginName(loginName);

                if (admin == null)
                {
                    lblErrors.Text = "用户名不存在";
                    return;
                }

                if (admin.PasswordMD5 != FormsAuthentication.HashPasswordForStoringInConfigFile(password, "md5"))
                {
                    lblErrors.Text = "密码不正确";
                    return;
                }

                Session[AMV.UTILITY.Constance.ADMIN_CONTEXT] = admin;
                Response.Redirect("~/Admin/");
            }
            catch (Exception ex)
            {
                lblErrors.Text = "登录失败";
            }

        }




        private AMV.VO.Admin GetAdminByLoginName(string loginName)
        {

            SqlConnection conn = null;
            SqlCommand cmd = null;
            SqlDataReader dr = null;


            try
            {
                conn = new SqlConnection(WebConfigurationManager.ConnectionStrings[UTILITY.Constance.CONNECTION_STRING_ID].ConnectionString);
                cmd = new SqlCommand(
                                    @"SELECT   AdminID, LoginName, RealName, Email, PasswordMD5, State
                                    FROM      Admin
                                    WHERE   (LoginName = @LoginName) ",
                                  conn);

                cmd.Parameters.AddWithValue("@LoginName", loginName);

                conn.Open();
                dr = cmd.ExecuteReader();

                if (dr.Read())
                {
                    AMV.VO.Admin admin = new AMV.VO.Admin();

                    admin.AdminId = (int)dr["AdminID"];
                    admin.LoginName = (string)dr["LoginName"];
                    admin.RealName = (string)dr["RealName"];
                    admin.Email = (string)dr["Email"];
                    admin.PasswordMD5 = (string)dr["PasswordMD5"];
                    admin.State = (bool)dr["State"];

                    return admin;
                }
                else
                {
                    return null;
                }
            }
            catch
            {
            }
            finally
            {
                if (dr != null && !dr.IsClosed) { try { dr.Close(); } catch { } }
                if (conn != null && conn.State == ConnectionState.Connecting) { try { conn.Close(); } catch { } }
            }

            return null;
        }
    }
}